OpenSearch Kerberos always requires RC4-HMAC!

RHEL 8
OS 2.14.0

I am trying to force OpenSearch to use AES256 encryption in Kerberos authentication.

It seems like it never accepts a keytab with entries encrypted with aes256-cts-hmac-sha-96:
ktutil: add_entry -password -p HTTP/myserver@mydomain.com -k 0 -e aes256-cts-hmac-sha-96

It throws “Cannot find key of appropriate type to decrypt AP-REC - RC4 with HMAC”.

Also, I get the same thing when I set allow_weak_crypto=false in krb5.conf.

Note that I am already setting this in krb5.conf:
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha-96

I appreciate your help.